General

  • Target

    JaffaCakes118_2312702d8fca9ead6f65390864d9435b

  • Size

    987KB

  • Sample

    250225-21rqsssnz2

  • MD5

    2312702d8fca9ead6f65390864d9435b

  • SHA1

    cdcef5b43ad9392e6720d1b7aa832c2d4be05015

  • SHA256

    799ebb3ec22e153858f38b61a57211092d76ed1430374c2fc451487b20e1a05f

  • SHA512

    2610404171f67e85a53702d0db466b9d09326311a4b99c081072008fc1505b4c3d76bb8a01bcf597882584e33fff056ba405ef6245d3849523f85b14fc98c015

  • SSDEEP

    12288:LdnorlsxT+A/ixV+7Pgtbs/VxDK96c9O1kT+8LZtGdRrPRzMrcRMW+xIy/LhC6jx:eYZxPgEpKuMvOR4rKGl/LhC6yveXL

Malware Config

Extracted

Family

xtremerat

C2

crabgrass.crabdance.com

crabgrass.no-ip.org

Targets

    • Target

      JaffaCakes118_2312702d8fca9ead6f65390864d9435b

    • Size

      987KB

    • MD5

      2312702d8fca9ead6f65390864d9435b

    • SHA1

      cdcef5b43ad9392e6720d1b7aa832c2d4be05015

    • SHA256

      799ebb3ec22e153858f38b61a57211092d76ed1430374c2fc451487b20e1a05f

    • SHA512

      2610404171f67e85a53702d0db466b9d09326311a4b99c081072008fc1505b4c3d76bb8a01bcf597882584e33fff056ba405ef6245d3849523f85b14fc98c015

    • SSDEEP

      12288:LdnorlsxT+A/ixV+7Pgtbs/VxDK96c9O1kT+8LZtGdRrPRzMrcRMW+xIy/LhC6jx:eYZxPgEpKuMvOR4rKGl/LhC6yveXL

    • Detect XtremeRAT payload

    • XtremeRAT

      XtremeRAT was developed by xtremecoder, has been available since at least 2010, and is written in Delphi.

    • Xtremerat family

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads data files stored by FTP clients

      Tries to access configuration files associated with programs like FileZilla.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials.

    • Accesses Microsoft Outlook profiles

    • Suspicious use of SetThreadContext

    • UPX packed file

      Detects executables packed with the UPX open-source packer or a modified version of it.

MITRE ATT&CK Enterprise v15

Tasks